PowerShell User Group Kick Off Meeting - PowerShell and Security
Details
PowerShell wizards Matt Nelson (https://twitter.com/enigma0x3) and Will Schroeder (https://twitter.com/harmj0y) are in town for Security BSides. They have offered to be the speakers for our Boston PowerShell User Group May Kick Off meeting.
Sessions
• Offensive Active Directory With PowerShell
• Building an Empire With PowerShell
Logistics
We hope to have one or two presentations including demos and a Q&A. I am organizing a sponsor to provide us with food and drinks as well.
They are only in town for one night, so hopefully as many people as possible can make it.
Note that Microsoft requires that attendees check in with a photo ID.
Abstracts
Offensive Active Directory With PowerShell
Active Directory has been covered from a system administration aspect for as long as it has existed. However, much less information exists on how adversaries abuse and backdoor AD, leaving many defenders blind to the attacks being executed in their own environment. We'll cover Active Directory from an offensive perspective, illustrating ways that attackers move through Windows networks with ease. PowerView (the PowerShell domain enumeration tool) will be highlighted, including how to use it for local administrator enumeration, domain trust hopping, user hunting, ACL auditing, and more.
Building an Empire With PowerShell
Over the past few years, attackers have started to realize that the same aspects of PowerShell that make it an excellent Windows automation solution also make it an ideal attack platform. The Empire project aims to bring together various offensive projects into a fully-functional malware agent (written purely in PowerShell) that can be used offensively by red teams and used to train blue teams to defend against these types of attacks.
